Safari executes shell scripts automatically!
And that's a bad thing, of course. Read more about it here
. And turn off Safari's default behaviour of automatically expanding and running "safe" files. They just might not be.
Michael Lehn, who found the vulnerability
(link in German), says Apple's on it to fix the issue. But until then: Be safe. A script could simply erase *everything* your user has access to. And that would at least
concern all of your files as well as backups connected to your account currently via USB or FW.